Custom realm and parsing request params

I think you can do this with a reverse proxy to add the authentication headers.

I have walked through using an nginx proxy to auto-authenticate kibana hosted inside an iframe. nginx attaches a username and password to the custom header, which works, though I did not introduce a custom auth realm into the mix.

If your kibana and hosted iframe code is on the same domain, you might also be able to grab and set a cookie.

Here are a couple additional links that might prove useful: